multi istio

이민규·2023년 6월 30일
0
post-custom-banner
git clone https://github.com/mlkmhd/istio-multi-cluster-initializer.git
$ wget https://github.com/smallstep/cli/releases/download/v0.24.4/step_linux_0.24.4_amd64.tar.gz -O step.tar.gz
$ tar -xvzf step.tar.gz
$ sudo mv step_0.24.4/bin/step /usr/bin/
$ sudo chmod +x /usr/bin/step
$ cd gen-certs
$ ./gen-certs.sh 2

istio Deploy

$ sudo apt install envsubst -y
$ wget -c "https://github.com/istio/istio/releases/download/1.15.7/istio-1.15.7-linux-amd64.tar.gz" -O istio.tar.gz
$ tar -xvzf istio.tar.gz
$ sudo mv istio-1.15.7/bin/istioctl /usr/bin/
#!/bin/bash
set -xe

export TOTAL_CLUSTERS=$1

mkdir -p tmp

for ((CLUSTER_INDEX=1;CLUSTER_INDEX<=${TOTAL_CLUSTERS};CLUSTER_INDEX++)); do

    export CLUSTER_INDEX

    for ((i=1;i<=${TOTAL_CLUSTERS};i++)); do
        CLUSTER_INDEX=$i envsubst < namespace.yaml > tmp/namespace-${i}.yaml
        kubectl --context="ctx-${i}" apply -f tmp/namespace-${i}.yaml
    done

    kubectl create secret generic cacerts -n istio-system \
        --from-file=./gen-certs/certs/cluster-${CLUSTER_INDEX}/ca-cert.pem \
        --from-file=./gen-certs/certs/cluster-${CLUSTER_INDEX}/ca-key.pem \
        --from-file=./gen-certs/certs/root-cert.pem \
        --from-file=./gen-certs/certs/cluster-${CLUSTER_INDEX}/cert-chain.pem --dry-run -o yaml > tmp/certs.yaml
    kubectl --context="ctx-${CLUSTER_INDEX}" -n istio-system apply -f tmp/certs.yaml

    envsubst < controlplane.yaml > tmp/controlplane-${CLUSTER_INDEX}.yaml
    istioctl --context="ctx-${CLUSTER_INDEX}" install -y -f tmp/controlplane-${CLUSTER_INDEX}.yaml

    envsubst < eastwest-gateway.yaml > tmp/eastwest-gateway-${CLUSTER_INDEX}.yaml
    istioctl --context="ctx-${CLUSTER_INDEX}" install -y -f tmp/eastwest-gateway-${CLUSTER_INDEX}.yaml

    kubectl --context="ctx-${CLUSTER_INDEX}" apply -n istio-system -f ./expose-services.yaml

    #kubectl --context="ctx-${CLUSTER_INDEX}" get nodes -o json | jq '.items[].metadata.name' > tmp/nodes.txt
    kubectl --context="ctx-${CLUSTER_INDEX}" get nodes -o json | jq '.items[].status.addresses[0].address' > tmp/nodes.txt
    NODES=`sed -z 's/\n/,/g;s/,$/\n/' tmp/nodes.txt`
    kubectl --context="ctx-${CLUSTER_INDEX}" patch service istio-eastwestgateway --patch "{\"spec\": {\"externalIPs\": [${NODES}]}}" -n istio-system

    for ((i=1;i<=${TOTAL_CLUSTERS};i++)); do
        if [ ${i} != ${CLUSTER_INDEX} ]; then
            istioctl --context="ctx-${i}" x create-remote-secret --name="cluster-${i}" > tmp/cluster-secret-${i}.yaml
            kubectl --context="ctx-${CLUSTER_INDEX}" apply -f tmp/cluster-secret-${i}.yaml
        fi
    done

done

multi istio configration

$ cd istio-multi-cluster-initializer/
$ ./install.sh 2
$ kubectl --context=ctx-1 create ns test
$ kubectl --context=ctx-2 create ns test

$ kubectl --context=ctx-1 label namespace test istio-injection=enabled --overwrite
$ kubectl --context=ctx-2 label namespace test istio-injection=enabled --overwrite
profile
이민규
이전 포스트

google 인증

다음 포스트

multi istio

post-custom-banner

0개의 댓글